Spear Phishing

As I said in one of my earlier articles, phishing is easy to execute and requires very little effort, which is why many cybercriminals use it. Criminals send fake emails and text messages and create websites that look authentic. They use these emails, messages, and websites to steal personal and financial information from users. This is also known as spoofing: it occurs when a cybercriminal sends a fake email disguised as coming from a legitimate and trusted source.

An example of phishing is a bogus email that looks like it came from a legitimate source and asks the user to click a link to claim a prize. The link may redirect to a bogus site asking for personal information, or it may install malware. Criminals also reach their targets by telephone or text message, with someone posing as a legitimate institution to lure people into providing sensitive data such as identity, banking, and credit card information, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.

Spear Phishing

Criminals use spear phishing to attack highly specific targets. Phishing and spear phishing both use email to reach victims. In spear phishing, criminals send customized emails to a specific person. They research the target's interests before sending the email. For example, a criminal learns that the target is interested in reading books. The criminal joins the same book discussion forum as a member, forges book-related links, and sends an email to the target. When the target clicks on the link, he or she unknowingly installs malware on the computer.

How phishing works

Phishing is popular with cybercriminals because it is far easier to trick someone into clicking a malicious link in a seemingly legitimate phishing email than to break through a computer's defenses.

Its attacks are generally delivered using social networking techniques applied to email, voice calls, messages over social networks, SMS text messages, and other instant messaging modes. Phishers may also use social engineering, drawing on social networks like Facebook, LinkedIn, and Twitter, to collect information about the target's interests, activities, and work history.

Before attacking, phishers uncover the names, job titles, and email addresses of their targets. They also collect information about colleagues, their job titles, and key employees in the organization. This information can then be used in an email to gain the victim's trust.

Generally, a phisher's message appears to have been sent by a known contact or organization. There are two methods of attack: through a file attachment that contains phishing software, or through links to malicious websites. In either case, the goal of phishers is to install malware on victims' computers and to trick them into divulging personal and financial information, such as passwords, account IDs, and credit card details.

Successful phishing messages generally appear to come from a well-known company and are difficult to distinguish from authentic messages. Malicious links in the messages are usually well designed. The use of subdomains and misspelled URLs are common tricks, as is the use of other link manipulation techniques.
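
The two link tricks named above can be checked mechanically on the defender's side. The following Python sketch is an added example, not part of the original article: the trusted domain `acmebank.example`, the sample URLs, and the function names are all constructed for illustration, and the "last two labels" rule is a simplifying assumption in place of the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the organisation really uses (assumption).
TRUSTED = {"acmebank.example"}

def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED, max_typos=2):
    """Return 'trusted', 'subdomain-trick', 'misspelled', 'unknown' or 'no-host'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    labels = host.split(".")
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(labels[-2:])
    if registered in trusted:
        return "trusted"
    # Subdomain trick: the trusted name sits to the LEFT of an unrelated
    # registered domain, e.g. acmebank.example.secure-login.test
    left = ".".join(labels[:-2])
    if any(t.split(".")[0] in left for t in trusted):
        return "subdomain-trick"
    # Misspelled URL: registered domain is a few edits away from a trusted one.
    if any(0 < edit_distance(registered, t) <= max_typos for t in trusted):
        return "misspelled"
    return "unknown"

if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.acmebank.example/signin",
        "http://acmebank.example.secure-login.test/verify",
        "https://acmebamk.example/",
        "https://docs.other.test/",
    ]
    for url in samples:
        print(f"{classify_link(url):16} {url}")
```

The check reads the hostname from right to left, which is how the browser decides who owns the site, while the subdomain trick relies on the reader scanning from left to right.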